
Can Someone Elaborate Stateful Packet Inspection in Plain English

When you are communicating with "the internet" there is all sorts of handshaking and windowing and verifying going on.

Stuff like syn/ack packets for instance.

So you're not just sending data, you're sending & receiving information ABOUT your data.

Stateful packet inspection can look at this "data about your data" and figure out if it's traffic that should be allowed.

For instance, it can tell the difference between a "conversation" that originated on the outside and one that originated on the inside. (protected area)

It can also tell if incoming data is part of a legitimate conversation that was initiated from within the LAN.

So it can block data that doesn't seem to be a part of legitimate activity.
 
As related to Entry Level Cable/DSL Router.

A Cable/DSL router's main function is to provide Network Address Translation (NAT). It is necessary to provide NAT when you share one Internet connection so that each computer will send and receive the Internet information that belongs to it.

A by-product of this NAT is a simple but effective firewall.

NAT is implemented in a way that each computer can get only the info that was requested. Thus "rogue" info from the Internet cannot get in since it was not requested. I.e., the NAT firewall just blocks en masse everything that tries to come in unrequested, but does not relate to actual info.

NAT Firewall does not interact with outgoing information.

SPI is the next level of protection offered currently by the newest Cable/DSL Routers. It adds an actual examination of the Network Outbound and Inbound Packets, thus can make a content decision.

The following is an Example of the SPI help file on my Router (SMC Barricade).

Allow all to pass except those that match the specified rules
Deny all to pass except those that match the specified rules
You can specify 8 rules for each direction: inbound or outbound. For each rule, you can define the following:
Source IP address
Source port address
Destination IP address
Destination port address
Protocol: TCP or UDP or both.
For source or destination IP address, you can define a single IP address (4.3.2.1) or a range of IP addresses (4.3.2.1-4.3.2.254). An empty implies all IP addresses.

Each rule can be enabled or disabled individually.

----------------------------------------------------

SPI might help businesses to control their employees' "recreational" surfing.

SPI can help parents to better protect their kids.

-----------------------------------------------------

More about protection here: Basic Protection for Broadband Internet Installation.
 
Summary:

Make sure that any incoming packet "matches" an established conversation initiated from the inside. I.e., me browsing to cnn.com will only let packets through that are part of that conversation. www.cnn.com can't simply send an "ack" packet through the firewall without it being first requested by me.


In this case, "www.ask.com" is your friend. I typed in your query ("what is a stateful firewall") and found this page.

- G
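
The check described in the summary above, written out as an added Python example (not code from any poster or router vendor): a toy connection table that forwards an inbound TCP packet only when it matches a conversation opened from the LAN side. The class and function names, the addresses, and the simplified RST-only teardown are assumptions made for illustration, and NAT address rewriting is ignored.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset   # TCP flags set on the segment
    outbound: bool     # True when the packet leaves the LAN

class StatefulFilter:
    """Toy TCP connection tracker (hypothetical; NAT rewriting is ignored)."""
    def __init__(self):
        self.table = {}  # (lan_ip, lan_port, wan_ip, wan_port) -> state

    def allow(self, p):
        if p.outbound:
            key = (p.src, p.sport, p.dst, p.dport)
            if p.flags == {"SYN"}:
                self.table[key] = "SYN_SENT"      # conversation opened from inside
            elif "RST" in p.flags:
                self.table.pop(key, None)         # simplified teardown
            return True                           # outbound is unrestricted here
        key = (p.dst, p.dport, p.src, p.sport)    # reverse tuple for inbound
        state = self.table.get(key)
        if state is None:
            return False                          # nobody inside asked for this
        if state == "SYN_SENT":
            if p.flags != {"SYN", "ACK"}:
                return False                      # only the handshake reply fits
            self.table[key] = "ESTABLISHED"
        elif "RST" in p.flags:
            self.table.pop(key, None)
        return True

def run_trace():
    """Constructed trace; addresses are documentation/private ranges."""
    lan, web, other = "192.168.1.10", "203.0.113.5", "198.51.100.7"
    f = lambda *flags: frozenset(flags)
    trace = [
        Packet(web, 80, lan, 50000, f("ACK"), False),         # unsolicited ACK
        Packet(lan, 50000, web, 80, f("SYN"), True),
        Packet(web, 80, lan, 50000, f("SYN", "ACK"), False),
        Packet(lan, 50000, web, 80, f("ACK"), True),
        Packet(web, 80, lan, 50000, f("ACK", "PSH"), False),  # reply data
        Packet(other, 80, lan, 50000, f("ACK"), False),       # wrong peer
        Packet(other, 4444, lan, 80, f("SYN"), False),        # inbound connect
        Packet(lan, 50000, web, 80, f("RST"), True),
        Packet(web, 80, lan, 50000, f("ACK"), False),         # after teardown
    ]
    fw = StatefulFilter()
    return [fw.allow(p) for p in trace]
```

A stateless rule such as "allow inbound packets with the ACK flag set" would have passed the first, sixth and last packets in this trace; the state table is what rejects them.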

 